Received: by 2002:a25:8b12:0:0:0:0:0 with SMTP id i18csp1340940ybl;
        Sun, 18 Aug 2019 01:18:38 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx6q0thx6DPmpx+5mAsGmyS17KKaBYCUWK4SHsckpgulBcrNuE3/EvqQ+POVMwlfdq62c1/
X-Received: by 2002:a63:ab08:: with SMTP id p8mr15530993pgf.340.1566116318712;
        Sun, 18 Aug 2019 01:18:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1566116318; cv=none;
        d=google.com; s=arc-20160816;
        b=mTs6tjNZUlxAN28EGGKqaOsnonixu3DeLstd35Xpd8acwPC9JBSvmqh6zrDc3z8Lq3
         qJFpvPtnXL+VWa4jURym6hAWYfRDaCJbEoSwq1NpW4A1WoEVK9RyAEdk7GSlD9UvH85k
         bNiq05enzJPszwkvINat2o/Y9meT27Ok4PWP56KcAfeG9kJfrAA/U5wK04xhET1Gg5is
         xmNxppyz1WNWr8Hw0dkUHaFCFGgJy/fMHDB+jPnFWjpHR00dIqgH4wk3e4FBB4ajMg2I
         ZeDDkA5zdpd5xWTt2v7ObCTHKRbwfCl21fU1bQPGRfrOfmS0pLWolNy1c+n0g2j10UqW
         3pFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:thread-index:thread-topic
         :content-transfer-encoding:mime-version:subject:references
         :in-reply-to:message-id:cc:to:from:date;
        bh=hZ4EhHjpA5hEx3E40CFJeOz5d9ZJpWv2QgygHvJmQsE=;
        b=E6lOug2h7Bu3BtYlpYwI328qULUhUdcWMHlGebYeScS7EWqHN3ue2abTWfXtbzwNQE
         AqlPCY5FNfg/Lkgp0obneqsYbA6bU5Ahl9aR+YsSWJ7jxAflGqTSNJ/oMDLVPATZAlZt
         ZI6GNpgqAWPfqdjfYQx9EkEizvSKjV40n4/2CKWFTYvdM5IWILptkwQ/oOCSoYXtLYr5
         egEP+um562YuwQnt+xRLHlTSxYUvAQPRLSpe2Q5VgOhlI8L//5/wH6wZlfkTRWcRYfFz
         ndm3v6enuboCgPVeP9yYSJl2fTj5+/SpANZg6CK1HAj2rRUMbP5/C3GVKEOj4atTx9wy
         uS0w==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 12si7443478pgu.469.2019.08.18.01.18.14;
        Sun, 18 Aug 2019 01:18:38 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726523AbfHRIQz convert rfc822-to-8bit (ORCPT
        <rfc822;shmalave.kernel@gmail.com> + 99 others);
        Sun, 18 Aug 2019 04:16:55 -0400
Received: from lithops.sigma-star.at ([195.201.40.130]:51072 "EHLO
        lithops.sigma-star.at" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726097AbfHRIQz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 18 Aug 2019 04:16:55 -0400
Received: from localhost (localhost [127.0.0.1])
        by lithops.sigma-star.at (Postfix) with ESMTP id 8558A608311C;
        Sun, 18 Aug 2019 10:16:52 +0200 (CEST)
Received: from lithops.sigma-star.at ([127.0.0.1])
        by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10032)
        with ESMTP id dLQLHM2VGAbe; Sun, 18 Aug 2019 10:16:52 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
        by lithops.sigma-star.at (Postfix) with ESMTP id 3071B6083139;
        Sun, 18 Aug 2019 10:16:52 +0200 (CEST)
Received: from lithops.sigma-star.at ([127.0.0.1])
        by localhost (lithops.sigma-star.at [127.0.0.1]) (amavisd-new, port 10026)
        with ESMTP id HNzNTCQoIICw; Sun, 18 Aug 2019 10:16:52 +0200 (CEST)
Received: from lithops.sigma-star.at (lithops.sigma-star.at [195.201.40.130])
        by lithops.sigma-star.at (Postfix) with ESMTP id E7E00608311C;
        Sun, 18 Aug 2019 10:16:50 +0200 (CEST)
Date:   Sun, 18 Aug 2019 10:16:50 +0200 (CEST)
From:   Richard Weinberger <richard@nod.at>
To:     Gao Xiang <hsiangkao@aol.com>
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel <linux-fsdevel@vger.kernel.org>,
        devel <devel@driverdev.osuosl.org>,
        linux-erofs <linux-erofs@lists.ozlabs.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        Andrew Morton <akpm@linux-foundation.org>,
        Stephen Rothwell <sfr@canb.auug.org.au>, tytso <tytso@mit.edu>,
        Pavel Machek <pavel@denx.de>, David Sterba <dsterba@suse.cz>,
        Amir Goldstein <amir73il@gmail.com>,
        Christoph Hellwig <hch@infradead.org>,
        Darrick <darrick.wong@oracle.com>,
        Dave Chinner <david@fromorbit.com>,
        Jaegeuk Kim <jaegeuk@kernel.org>, Jan Kara <jack@suse.cz>,
        torvalds <torvalds@linux-foundation.org>,
        Chao Yu <yuchao0@huawei.com>, Miao Xie <miaoxie@huawei.com>,
        Li Guifu <bluce.liguifu@huawei.com>,
        Fang Wei <fangwei1@huawei.com>,
        Gao Xiang <gaoxiang25@huawei.com>
Message-ID: <1405781266.69008.1566116210649.JavaMail.zimbra@nod.at>
In-Reply-To: <20190817233843.GA16991@hsiangkao-HP-ZHAN-66-Pro-G1>
References: <20190817082313.21040-1-hsiangkao@aol.com> <1746679415.68815.1566076790942.JavaMail.zimbra@nod.at> <20190817220706.GA11443@hsiangkao-HP-ZHAN-66-Pro-G1> <1163995781.68824.1566084358245.JavaMail.zimbra@nod.at> <20190817233843.GA16991@hsiangkao-HP-ZHAN-66-Pro-G1>
Subject: Re: [PATCH] erofs: move erofs out of staging
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8BIT
X-Originating-IP: [195.201.40.130]
X-Mailer: Zimbra 8.8.12_GA_3807 (ZimbraWebClient - FF60 (Linux)/8.8.12_GA_3809)
Thread-Topic: erofs: move erofs out of staging
Thread-Index: ruyGuw+zrtJwjCvvrW6JXcct54lOmw==
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

----- Ursprüngliche Mail -----
>> While digging a little into the code I noticed that you have very few
>> checks of the on-disk data.
>> For example ->u.i_blkaddr. I gave it a try and created a
>> malformed filesystem where u.i_blkaddr is 0xdeadbeef, it causes the kernel
>> to loop forever around erofs_read_raw_page().
> 
> I don't fuzz all the on-disk fields for EROFS, I will do later..
> You can see many in-kernel filesystems are still hardening the related
> stuff. Anyway, I will dig into this field you mentioned recently, but
> I think it can be fixed easily later.

This is no excuse to redo all these bugs. :-)

I know that many in-kernel filesystems trust the disk ultimately, this is a
problem and huge attack vector.

Thanks,
//richard